CVE-2015-9229

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Nextgen Gallery
Vendor: CVE Published:; 12 September 2017

Summary

In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.

References

https://github.com/cybersecurityworks/Disclosed/issues/5

x_refsource_MISC

https://cybersecurityworks.com/zerodays/cve-2015-9229-nex...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 12, 2017
Vulnerability Reserved
Sep 12, 2017